Use existing constant as the source of our enrichments query

This is now used by both the overview card and the enrichment query.
elastic · Jun 28, 2021 · 81dd927 · 81dd927
1 parent fabefb7
commit 81dd927
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/...ty_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts b/...ty_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts
@@ -15,6 +15,7 @@ import { useKibana } from '../../../lib/kibana';
 import { inputsActions } from '../../../store/actions';
 import * as i18n from './translations';
 import { useEventEnrichment } from '.';
+import { DEFAULT_CTI_SOURCE_INDEX } from '../../../../../common/cti/constants';
 
 export const QUERY_ID = 'investigation_time_enrichment';
 const noop = () => {};
@@ -60,9 +61,9 @@ export const useInvestigationTimeEnrichment = (eventFields: EventFields) => {
       start({
         data: kibana.services.data,
         timerange: { from, to, interval: '' },
-        defaultIndex: ['filebeat-*'], // TODO do we apply the current sources here?
+        defaultIndex: DEFAULT_CTI_SOURCE_INDEX,
         eventFields,
-        filterQuery: '', // TODO do we apply the current filters here?
+        filterQuery: '',
       });
     }
   }, [from, start, kibana.services.data, to, eventFields]);